"repo-token lacks required permissions"

[thangeshbabu]

I am trying to use this action in Github Enterprise using Self Hosted Runner.
No matter what permission I assign, job keeps failing with error "repo-token lacks required permissions"

Debug Log - Permissions :

##[group]GITHUB_TOKEN Permissions
2024-03-07T15:40:25.2941943Z Actions: write
2024-03-07T15:40:25.2942376Z Checks: write
2024-03-07T15:40:25.2942842Z Contents: write
2024-03-07T15:40:25.2943416Z Deployments: write
2024-03-07T15:40:25.2943860Z Discussions: write
2024-03-07T15:40:25.2944383Z Issues: write
2024-03-07T15:40:25.2944841Z Metadata: read
2024-03-07T15:40:25.2945333Z Packages: write
2024-03-07T15:40:25.2946107Z Pages: write
2024-03-07T15:40:25.2946601Z PullRequests: write
2024-03-07T15:40:25.2947416Z RepositoryProjects: write
2024-03-07T15:40:25.2947944Z SecurityEvents: write
2024-03-07T15:40:25.2948453Z Statuses: write

my github workflow yaml:

on: pull_request
permissions: write-all
jobs:
  find-flags:
    runs-on: self-hosted
    name: Find LaunchDarkly feature flags in diff
    steps:
      - name: Checkout
        uses: actions/checkout@v3
      - name: Find flags
        uses: launchdarkly/find-code-references-in-pull-request@v1.2.0
        id: find-flags
        with:
          project-key: <project-key>
          environment-key: dev
          access-token: ${{ secrets.LD_ACCESS_TOKEN }}
          repo-token: ${{ secrets.GITHUB_TOKEN }}
          create-flag-links: true
      - name: Add label
        if: steps.find-flags.outputs.any-changed == 'true'
        run: gh pr edit $PR_NUMBER --add-label ld-flags
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          PR_NUMBER: ${{ github.event.pull_request.number }}
      - name: Remove label
        if: steps.find-flags.outputs.any-changed == 'false'
        run: gh pr edit $PR_NUMBER --remove-label ld-flags
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          PR_NUMBER: ${{ github.event.pull_request.number }}

[jazanne]

@thangeshbabu Sorry you're seeing issues with the action. Can you share more information about which step(s) are failing with the repo token permissions error?

[thangeshbabu]

@jazanne thanks for responding,
It is failing on "Find Flags" Step and below is the SS of error I am facing.

[jazanne]

@thangeshbabu Since you are an enterprise account, can you check that your organizations permission settings are correct? I'm unable to reproduce this issue

[matthieulabbe]

I think I have the same issue. Log with debug logging:

Preprocessing diffs...
  ##[debug]Getting pull request diff...
  2024/10/25 03:50:06 `repo-token` lacks required permissions
  Error: `repo-token` lacks required permissions
  ##[debug]Docker Action run completed with exit code 1

I also have this warning:

This job failure may be caused by using an out of date self-hosted runner. You are currently using runner version 2.311.0. Please update to the latest version 2.314.1

@thangeshbabu Were you able to get this to work in Github Enterprise using a Self Hosted Runner?

[thangeshbabu]

Nope @matthieulabbe

Now it is evident that it is a common problem not specific to my organization. Anyway LaunchDarkly team can help us on this @jazanne ?

[collinmurd]

I created #143 to fix this. The http client was defaulted to point at github.com, so when it tried to use a token from a separately hosted Github Enterprise instance, it obviously was not valid.